A blog by Geert van der Cruijsen on Apps, Cloud & ALM

Working in an enterprise environment, permissions in Azure might be trimmed down so users do not have access on Azure subscriptions itself and only have access to specific resource groups. When someone has contributor permissions in a resource group you might think that they should be able to create all the things in there that they would like. This is not always the case. Each Azure resource type has to be registered through a resource provider on the subscription level. When users only have access to certain resource groups and not to the subscription itself you can run into errors when you try to create a new resource that is not registered yet.

Here is a sample screenshot that happened when sql was not registered.

There are a couple of options to fix this.

Manually register the resource type in the azure portal

Register all resource types in a subscription using the Azure CLI

Create a specific role for all users to give them permissions to register resource providers

Manually registering resource types in the Azure portal

Registering a resource type in the Azure portal is the simplest if you only want to register a specific resource type. If you want to register every resource type available this requires a lot of clicking so it’s better to choose one of the other 2 options using the CLI or a custom role.

Using the Azure portal to register a resource type is easy though. In the portal navigate to your Subscription. In the Left menu click on Resource Providers and after that click Register for each of the resources you want to register.

Register all resource types in a subscription using the Azure CLI

You can also use the Azure CLI to register all available resource types in your azure subscription. This is done through one line of Azure CLI.
This will initially list all resource providers and then for each resource provider it will call the register method. One caveat to watch out for is that if new resource types are added to Azure they are not automatically registered so you’ll have to run the script again or choose the 3rd option creating a specific role that all users get so they can automatically register resource providers

Create a specific role for all users to give them permissions to register resource providers

The final and most future proof solution is creating a new role which you can assign to all your users which has permissions to register a new resource provider. The first step in creating this is defining a new json file describing this role.

this json file sets the action for registering resource providers to be allowed and the only thing you’ll have to customize is adding your own subscription ids. When this security role json file is finished we can use the Azure CLI to create the role and after that we can assign users to the role. This does require you have certain groups in AD containing all your users you want to give access. If you don’t have that the 2nd option is probably better for you because it will become a lot of work to assign this role to all your users manually.

That’s it! I’ve given you 3 options to solve this Azure error so hopefully one of these can help you get going again in building great cool stuff on Azure

About

This is a personal blog by Geert van der Cruijsen: Geert is a technical expert and architect on mobile and cloud technology based on the Microsoft stack. Geert has implemented enterprise mobility solutions and apps at several companies in the Netherlands and abroad. Geert is also an active co-organizer and speaker for several mobile developer communities.

Geert works as a Lead Consultant at Xpirit in the Netherlands. At Xpirit Geert helps Xpirit's customer with their Mobile strategy and vision from defining the right mobile moments to Xamarin expertise or setting up mobile development factory or mobile center of excellences. Geert is an expert on the full Mobile application development lifecycle.

Geert also works as a Xamarin Partner trainer doing class room Xamarin training for Xamarin University

This blog will focus on everything related to digital mobility from mobile app development tips using Xamarin, Android, iOS & Windows 10 to topics related to Microsoft Azure and ALM.